On 2.7.2019 8.06, Peter via dovecot wrote:
> On 11.01.2018 13:20, Hauke Fath wrote:
> > On Thu, 11 Jan 2018 12:20:45 +0200, Aki Tuomi wrote:
> >> Was the certificate path bundled in the server certificate?
> > No, as a separate file, provided from the local (intermediate) CA:
> >
> > ssl_cert = </etc/openssl/certs/server.cert
> > ssl_key = </etc/openssl/private/server.key
> > ssl_ca = </etc/openssl/certs/ca-cert-chain.pem
> >
> > Worked fine with 2.2.x, 2.3 gives
> >
> > % openssl s_client -connect XXX:993
> > CONNECTED(00000006)
> > depth=0 C = DE, ST = Hessen, L = Darmstadt, O = Technische Universitaet Darmstadt, OU = XXX, CN = XXX.tu-darmstadt.de
> > verify error:num=20:unable to get local issuer certificate
> > verify return:1
> > depth=0 C = DE, ST = Hessen, L = Darmstadt, O = Technische Universitaet Darmstadt, OU = XXX, CN = XXX.tu-darmstadt.de
> > verify error:num=21:unable to verify the first certificate
> > verify return:1
> > ---
> > Certificate chain
> >  0 s:/C=DE/ST=Hessen/L=Darmstadt/O=Technische Universitaet Darmstadt/OU=XXX/CN=XXX.tu-darmstadt.de
> >    i:/C=DE/ST=Hessen/L=Darmstadt/O=Technische Universitaet Darmstadt/CN=TUD CA G01/emailAddress=tud-ca at hrz.tu-darmstadt.de
> > ---
> > Server certificate
> > -----BEGIN CERTIFICATE-----
> > [...]
> > %
> >
> Seems we might've made an unexpected change here when we revamped the ssl
> code. Can you try if it works if you concatenate the cert and cert-chain
> to a single file? We'll start looking if this is a misunderstanding or a bug.
>
> Aki
>
> -----------------------------------------------------------------
>
> Hi Aki,
>
> I believe that Dovecot 2.3.6 sends only one certificate even though my
> Dovecot uses two concatenated certificates.
>
> Thanks for looking into this.
>
> Regards,
> Peter

Hi!

Can you provide readable output of

openssl s_client -connect host:993

Aki
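
Added example, not part of the thread: a small Python check that reads the "Certificate chain" section of saved `openssl s_client` output and reports whether the server sent only its leaf certificate, which is the symptom behind the `num=20`/`num=21` verify errors quoted above. The sample outputs and all names in them are constructed placeholders; the function names are this example's own.

```python
import re

# Constructed samples in the same layout as the s_client output quoted above.
LEAF_ONLY = """CONNECTED(00000006)
---
Certificate chain
 0 s:/C=DE/O=Example Org/CN=mail.example.org
   i:/C=DE/O=Example Org/CN=Example Intermediate CA
---
Server certificate
"""
WITH_INTERMEDIATE = """CONNECTED(00000006)
---
Certificate chain
 0 s:/C=DE/O=Example Org/CN=mail.example.org
   i:/C=DE/O=Example Org/CN=Example Intermediate CA
 1 s:/C=DE/O=Example Org/CN=Example Intermediate CA
   i:/C=DE/O=Example Org/CN=Example Root CA
---
Server certificate
"""

ENTRY = re.compile(r"^\s*(\d+)\s+s:(.*)$")   # " 0 s:<subject>"
ISSUER = re.compile(r"^\s+i:(.*)$")          # "   i:<issuer>"

def parse_chain(text):
    """Return [(subject, issuer), ...] as sent by the server, in order."""
    chain, in_section = [], False
    for line in text.splitlines():
        if line.strip() == "Certificate chain":
            in_section = True
        elif in_section and line.strip() == "---":
            break                            # end of the chain section
        elif in_section and ENTRY.match(line):
            chain.append([ENTRY.match(line).group(2).strip(), None])
        elif in_section and chain and ISSUER.match(line):
            chain[-1][1] = ISSUER.match(line).group(1).strip()
    return [tuple(entry) for entry in chain]

def diagnose(text):
    chain = parse_chain(text)
    if not chain:
        return "no chain section found"
    # Each certificate's issuer must be the subject of the next one sent.
    for (_, issuer), (subject, _) in zip(chain, chain[1:]):
        if issuer != subject:
            return "chain out of order or broken"
    subject, issuer = chain[-1]
    if len(chain) == 1 and subject != issuer:
        return "leaf only: intermediate not sent"
    return "chain of %d certificates sent" % len(chain)
```

A "leaf only" result means clients that do not already hold the intermediate cannot build a path to a trusted root, regardless of what the server's own trust settings contain.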
